The fintech industry continues to grapple with challenges around e-KYC. The recent circular from Ministry of Finance, dated May 9, 2019, has been much appreciated by the industry. However, the same has been rendered ineffective due to certain requirements in the circular and a lack of common understanding between the regulators and the Unique Identification Authority of India (UIDAI) with respect to the same.
Last month, NASSCOM had written to different government departments/ministries such as the Department of Revenue, UIDAI, NITI Aayog, Ministry of Electronics & Information Technology (MEITY) and the Reserve Bank of India (RBI) with regard to certain challenges that the PPI industry is facing, pertaining to KYC verification process. We had also highlighted other issues pertaining to eKYC that remain unaddressed along with our suggestions to resolve them.
Based on recent policy developments and feedback received by us, we are providing an update on the matter.
1. Enable eKYC for PPIs
In February, the Union Cabinet cleared an ordinance to allow use of Aadhaar by banks and telecom companies. This ordinance had no provision for non-banking entities. Later, the Ministry of Finance issued a circular which lays down the procedure for processing of applications under Section 11A of the Prevention of Money Laundering Act, 2002 (‘PMLA’) for use of Aadhaar authentication services by non-banking entities. This requires the reporting entities to file an application with their respective regulator. The circular says that the application will have to undergo a three-tier approval process involving the regulator, UIDAI and the Central government.
The circular provides for the regulators to specify the format in which the information from the applicant is to be obtained. However, till date, no regulator has issued any application format. We understand, from industry information, that the reason for this is that the regulators would not like to examine each application on a case-by-case basis, as the applicants are regulated entities and from a regulator’s perspective – there is nothing to be examined. As per them, it is only the UIDAI that needs to examine the applications in order to satisfy itself that they meet UIDAI’s norms for enabling e-KYC. On the other hand, the UIDAI is unable to issue e-KYC, as the circular does not allow it to directly process the applications. This situation has resulted in fintech companies not being able to apply for e-KYC. Effectively, the circular has been rendered pointless.
Suggestion: The Ministry of Finance should consider modifying the circular issued on 9 May 2019. Accordingly, the circular should upfront treat reporting entities, which are regulated by different regulators such as Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Pension Fund Regulatory and Development Authority (PFRDA) as eligible to apply for e-KYC. Thereafter, they should be allowed to apply to UIDAI directly for an Aadhaar authentication license. The existing step 2 i.e. Examination by the appropriate regulator in the circular, should be removed.
We have also suggested that the Ministry of Finance should prescribe an application template after consultation with the UIDAI, which will be used by fintech companies to apply for an Aadhaar authentication license.
Update: The Government is reconsidering the process of e-KYC licencing in line with what has been proposed by NASSCOM. We may soon expect NBFCs and non-bank PPls that are regulated by RBI, fulfilling the UIDAl licensing conditions and the prescribed standards of security and privacy, to be allowed to directly approach UIDAI for e-KYC authentication facility.
2. Approve video KYC
The industry understands the importance of KYC process and is currently evaluating alternate mechanisms for KYC verification. This will allow customers who do not want to use Aadhaar to verify themselves, have a digital alternative. Until now, there is no cost effective, scalable and customer friendly alternative digital KYC method available to the industry. Post the Supreme Court judgment on Aadhaar in September 2018, leveraging Aadhaar eKYC was no longer an option. In the absence of any alternate digital KYC, non-banking entities such as PPIs were forced to adopt the age-old, physical form of KYC. This process is expensive, time-consuming and operationally burdensome. The industry also resorted to the XML offline Aadhaar verification method as introduced by RBI for verification however as per the feedback received from industry, failure rate for such verification are as high as 57% making it an unviable method of digital KYC.
Other alternative modes of KYC, such as, video KYC has been permitted by SEBI and is treated as “in person verification”. The mutual fund industry has been relying on video KYC to verify its customers in the absence of Aadhaar-based verification.  Certifying Authorities while issuing digital signatures also rely on video KYC. Last month, a RBI committee headed by U.K. Sinha, former chairman of SEBI, also suggested video KYC as an alternative to the existing electronic methods of verifying the identity of a person, in its report on micro, small and medium enterprises (MSMEs). The PPI industry has made several representations to RBI and MEITY to allow them to carry out video KYC to verify its customers.
Suggestion: RBI should expedite approval of video KYC as a method for doing digital KYC; so that customers who do not want to use Aadhaar for doing KYC have a digital alternative as well. This alternate eKYC mechanism is cost effective, user friendly and scalable. NASSCOM would be happy to organize demonstration of camera based KYC and discussions around its suitability, if required.
Update: Video based KYC may be allowed soon. However, to ensure adherence to the PML Rules and to eliminate usage of fake OVDs, the process requires an online verification facility. Usage of alternative electronic channels by leveraging the DigiLocker platform of the ministry of Electronic and IT and other such similar options, are also being considered by RBI.
To be sure, any non-face to face on boarding requires the customer to be categorized as a high-risk customer with its consequential requirements of enhanced due diligence and re-KYC every two years.
3. Authorized personnel Requirement
Over the last few months, several PPI issuers have received Show-Cause Notices (SCN) from the RBI for not complying with the requirement of engaging ‘Authorized officer of the entity’ for KYC verification. The entire industry has been considering third party agents to be authorized representatives. Now, as per the SCN, an authorised officer is expected to be an employee and not an agent. Today, there are millions of PPI users in the country and most of them are based in remote locations, it will be a significant operational challenge for the industry to bring on-board thousands of employees only for verification purpose. This will also put a significant financial burden on companies as they will be required to invest additional time in resources and training them.
The industry has already invested heavily in training agents and using their services to do in person verification. Such a move would will not only lead to lot of operational issues but would also be against the Government’s objective of promoting ease of doing in India.
Suggestion: RBI should allow PPI issuers to engage third party agents for verification and issue suitable clarifications in that regard. It may be noted that SEBI permits third parties to carry out due diligence of customers on behalf of various companies. We have requested the RBI to consider the specific risks that may be of concern in permitting third party verification and address those without precluding the possibility of third party verification. This shall also ensure that there is uniformity of provisions in the KYC guidelines adopted by all the regulators in the country.
Update: The certification shall continue to be carried out by authorized official only. This is because of the perceived risks that emanate from allowing person other than the authorized official of the regulated entity for carrying out certification of officially valid documents.
4. Extension of 31 August KYC deadline
While we are thankful to the Central Bank for granting the fintech companies six months extension on 26 February 2019 to comply with the requirement of conversion of min KYC to full KYC, we would like to highlight that until now, the industry does not have any digital means to do KYC. Physical KYC’s failure and challenges associated with offline verification applications has made it difficult to scale. The industry is in a debilitating position right now and we anticipate millions of accounts to go into debit only mode on 31 Aug due lack of an effective KYC mechanism.
Suggestion: Given that approval and subsequent operationalizing of a digital mode of KYC will take a couple of months, we have requested the deadline for doing KYC to be extended to March 31, 2020.
Update: We can expect an extension of the deadline.
The Aadhaar and other laws (amendment) Ordinance, 2019, March 2, 2019. See: https://indiacode.nic.in/ordinances/The%20Aadhaar%20and%20other%20Laws%20(Amendment)%20Ordinance,%202019%20(Ord%209%20of%202019).pdf
 Ministry of Finance, Department of Revenue, circular- F. No. P-12011/7/2019-ES Cell- DOR, May 9, 2019. See:https://dor.gov.in/sites/default/files/circular%20dated%2009.05.2019%20of%20PMLA.pdf
 Reporting entity means a banking company, financial institution, intermediary or a person carrying on a designated business or profession, according to PMLA Act, 2002.
 Justice K. S. Puttaswamy (Retd.) and Another vs Union Of India And Others. See: https://www.supremecourtofindia.nic.in/supremecourt/2012/35071/35071_2012_Judgement_26-Sep-2018.pdf
 Identity Verification Guidelines, Controller of Certifying Authorities, MEITY, April 23, 2019. See: http://www.cca.gov.in/cca/sites/default/files/files/Guidelines/CCA-IVG.pdf
Report of the Expert Committee on Micro, Small and Medium Enterprises, June 25, 2019. See: https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=924
 SEBI’s Frequently Asked Questions in respect of reliance on the records of client due diligence (KYC) carried out by a third party. See: https://www.sebi.gov.in/sebi_data/faqfiles/nov-2017/1511343200128.pdf